C.1 The cssconfig Command-Line Utility

Use the cssconfig command-line utility to generate a security configuration file (security.xml) that uses a password policy.

The cssconfig utility is located in the ORACLE_CEP_HOME/ocep_11.1/bin directory, where ORACLE_CEP_HOME is the main Oracle CEP installation directory, such as d:\oracle_cep. The utility comes in two flavors:

cssconfig.cmd (Windows)

cssconfig.sh (UNIX)

The Unix version of this utility starts with the #!/bin/ksh directive. On most Unix systems, this forces the utility to run under the Korn shell (ksh). If the ksh program is not present in the bin directory, or if the shell in use cannot execute the utility properly, run the utility as shown below:

prompt> $PATH_TO_KSH_BIN/ksh -c cssconfig.sh

where PATH_TO_KSH_BIN is the fully qualified path to the ksh program.

C.1.1 cssconfig Syntax

cssconfig -p propertyfile [-c configfile] -i inputkeyfile [-d]

where:

propertyfile is a file that contains security configuration properties provided by the user to define the required configuration. This option is required. See Example 10-1 for an example.

configfile is the name of the generated file. This option is optional; the default value is security.xml.

inputkeyfile is the fully qualified name of the input key file used to generate the security configuration file. Set this option to the security-key.dat file in the config directory.

-d enables debugging.

C.2 The encryptMSAConfig Command-Line Utility

Use the encryptMSAConfig encryption command-line utility to encrypt cleartext passwords, specified by the <password> element, in XML files. Examples of XML files that can contain the <password> elements include:

config.xml

security-config.xml

Component configuration files

The encryptMSAConfig utility is located in the ORACLE_CEP_HOME/ocep_11.1/bin directory, where ORACLE_CEP_HOME is the main Oracle CEP installation directory, such as d:\oracle_cep. The utility comes in two flavors:

encryptMSAConfig.cmd (Windows)

encryptMSAConfig.sh (UNIX)

C.2.1 encryptMSAConfig Syntax

encryptMSAConfig directory XML_file aesinternal.dat_file

where:

directory refers to the directory that contains the XML file which in turn contains a cleartext <password> element.

XML_file refers to the name of your XML file.

aesinternal.dat_file parameter refers to the location of the .aesinternal.dat file associated with your domain; this file is located in the ORACLE_CEP_HOME/user_projects/domains/DOMAIN/SERVER directory, where ORACLE_CEP_HOME is the main Oracle CEP installation directory, such as d:\oracle_cep, DOMAIN refers to the domain directory (such as myDomain), and SERVER refers to the server instance (such as myServer).

C.4 The passgen Command-Line Utility

Use the passgen command-line utility to hash user passwords for addition to a security database.

Note:

The passgen command line utility has been deprecated as of Version 10.3 of Oracle CEP. This is because the Configuration Wizard automatically performs the required task for you.

The passgen utility is located in the ORACLE_CEP_HOME/ocep_11.1/bin directory, where ORACLE_CEP_HOME is the main Oracle CEP installation directory, such as d:\oracle_cep. The utility comes in two flavors:

passgen.cmd (Windows)

passgen.sh (UNIX)

C.4.1 passgen Syntax

passgen [-a algorithm] [-s saltsize] [-h] [-?] [password]*

where:

Table C-2 passgen Arguments

| Option | Description | Default Value |
|---|---|---|
| -a | algorithm specifies the hash algorithm to use: SHA-1, MD2, MD5, SSHA, SHA-256. The actual list of algorithms that can be set depends on the security providers plugged into the JDK. | If not specified, the default is SHA-1. |
| -s | saltsize is the number of salt characters added to ensure a unique hash string. | If not specified, the default is 4. |
| -h, -? | Displays command line options and exits. | |
| password | If passwords are specified on the command line they shall be hashed and printed out one per line in order from left to right. If no passwords are specified on the command line, then the tool shall prompt for passwords to hash interactively. | |
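
How the -a and -s options interact, as an added Python illustration (not passgen's implementation and not code from Oracle): the same password hashed with and without a per-password salt, plus verification against the stored string. The '{ALG}salt+base64' output layout, the salt alphabet and the function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Names from the page's -a list that hashlib always provides. MD2 is omitted
# (hashlib has no MD2); treating SSHA as salted SHA-1 is an assumption.
ALGORITHMS = {"SHA-1": "sha1", "MD5": "md5", "SHA-256": "sha256", "SSHA": "sha1"}
SALT_ALPHABET = string.ascii_letters + string.digits  # assumed salt characters


def hash_password(password, algorithm="SHA-1", saltsize=4, salt=None):
    """Return '{ALG}<salt><base64 digest>'; a constructed layout, not passgen's."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: %s" % algorithm)
    if salt is None:
        # Fresh random salt per password, saltsize characters long (cf. -s).
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(saltsize))
    data = (salt + password).encode("utf-8")
    digest = hashlib.new(ALGORITHMS[algorithm], data).digest()
    return "{%s}%s%s" % (algorithm, salt, base64.b64encode(digest).decode("ascii"))


def verify_password(password, stored, saltsize=4):
    """Re-hash the candidate with the stored salt; compare in constant time."""
    algorithm, rest = stored[1:].split("}", 1)
    candidate = hash_password(password, algorithm, salt=rest[:saltsize])
    return hmac.compare_digest(candidate.encode("ascii"), stored.encode("ascii"))


if __name__ == "__main__":
    for size in (0, 4):  # 0 = unsalted, 4 = the documented default
        first = hash_password("changeit", saltsize=size)   # constructed password
        second = hash_password("changeit", saltsize=size)
        print(size, first, second, "identical" if first == second else "unique")
```

With saltsize=0, two accounts that share a password get identical stored strings; with a salt, each stored string differs even though both verify against the same password.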

Note:

Windows operating systems must use the .cmd version of this utility; Unix platforms must use the .sh version.

The Unix version of this utility starts with the #!/bin/ksh directive. On most Unix systems, this forces the utility to run under the Korn shell (ksh). If the ksh program is not present in the bin directory, or if the shell in use cannot execute the utility properly, run the utility as shown below:

In this mode, a password is entered and the resulting hashed version of the password is displayed. The hashed version of the password can then be entered into the password field of a security database.

Note:

In the example, the passwords are shown echoed to the screen for demonstration purposes. In most situations, the password would not be displayed unless your platform does not support invisible passwords.

C.4.2.2 Providing a Password on the Command Line

The following is an example using the passgen utility when providing the passwords to be hashed on the command line:

The secgen utility is located in the ORACLE_CEP_HOME/ocep_11.1/bin directory, where ORACLE_CEP_HOME is the main Oracle CEP installation directory, such as d:\oracle_cep. The utility comes in two flavors:

secgen.cmd (Windows)

secgen.sh (UNIX)

C.5.1 Generating a File-Based Provider Configuration File

Use the following command line options to generate a file-based security provider configuration file.

A SecGenTemplate.properties template file is located at ORACLE_CEP_HOME/ocep_11.1/bin where ORACLE_CEP_HOME is the main installation directory of Oracle CEP, such as /oracle_cep.

C.5.2 Generating a Key File

Use the following command line options to generate a security key file.

secgen [-k] [-o outputfile]

where:

Table C-4 secgen Arguments for a Key File

| Option | Description | Comments |
|---|---|---|
| -k | Generate a key file; mutually exclusive with the -F option. | If not present, -k is assumed. |
| -o | outputfile is the name for the generated file. | Default output file name is security-key.dat. |

C.5.3 Using the secgen Properties File

When running secgen, you can use the -P option to specify a property file to customize provider configurations. A SecGenTemplate.properties template file is located in ORACLE_CEP_HOME/ocep_11.1/bin where ORACLE_CEP_HOME is the main installation directory of Oracle CEP, such as /oracle_cep.

You specify cleartext passwords in the property file; however, these passwords will be stored encrypted in the generated configuration file.

The following example shows a property file used for file based provider customization:

C.5.4 Examples of Using secgen

The following example shows how to use the secgen utility to generate a key file with the name myKeyFile.dat:

prompt> secgen -k -o myKeyFile.dat

The following example shows how to use the secgen utility to generate a file-based security provider configuration file named myConfigFile.xml which also uses the previously generated key file, myKeyFile.dat, and a properties file named mySecGen.properties:

C.5.5 Limitations of secgen

Windows operating systems must use the .cmd version of this utility; Unix platforms should use the .sh version.

The Unix version of this utility starts with the #!/bin/ksh directive. On most Unix systems, this forces the utility to run under the Korn shell (ksh). If the ksh program is not present in the bin directory, or if the shell in use cannot execute the utility properly, run the utility as shown below:

prompt> $PATH_TO_KSH_BIN/ksh -c secgen.sh

where PATH_TO_KSH_BIN is the fully qualified path to the ksh program.
